-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Yeah, I deliberately pushed the spiped formula from Homebrew onto our
provided OpenSSL yesterday because of the crypto issues.
Apple hasn't entirely abandoned OpenSSL. I actually managed to get a
response from them late last month about bumping the OpenSSL version
in the new Yosemite builds to cover the vulnerabilities announced in
0.9.8 & 1.0.1g a couple months back and they confirmed they'd bump the
Yosemite OpenSSL to 0.9.8za which they then did.
Of course, they didn't issue the fix for Mavericks so potentially
Mavericks is still vulnerable to those issues fixed by za & h, which
is frustrating and dangerous.
IMO, Anything that builds with libcrypto on OS X should build the
latest OpenSSL with it, whether that's through Homebrew, MacPorts or
built as an optional dependency in the package before compile.
Dom
Sent from Thunderbird for OS X. My PGP public key is automatically
attached to this email.
On 30/08/2014 22:04, Frederick Akalin wrote:
> Hey all,
>
> I ran into a few issues when trying to build spiped from trunk on
> OS X. Colin mentioned that the Makefiles from the SVN tree were for
> his own use and would probably not work on anything other than
> FreeBSD, but the issues I ran into are inherently interesting and
> may be worth fixing anyway. (And also may be useful for other
> people trying to get a development environment set up on
> non-FreeBSD platforms.)
>
> I ended up trying to get 'bsdmake -f Makefile.POSIX' to work. Both
> Makefile and Makefile.POSIX recurse into spipe/ and spiped/, and
> the Makefiles in those directories assume bsdmake, but using
> Makefile.POSIX leverages the existing code to detect the POSIX
> failures.
>
> I start with r171, which includes the fixes to build spiped 1.4.0
> on OS X (using ${MAKE} instead of make, avoiding printing trailing
> newlines in POSIX/posix-cflags.sh).
>
> Here's the first problem I run into:
>
> cc -O2 -g -I ../proto -I ../libcperciva/alg -I
> ../libcperciva/datastruct -I ../lib/dnsthread -I
> ../libcperciva/util -I ../libcperciva/cpusupport -I
> ../libcperciva/events -I ../libcperciva/network -I
> ../libcperciva/crypto -I . -D
> CPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -Wsystem-headers
> -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter
> -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith
> -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow
> -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline
> -Wnested-externs -Wredundant-decls -c
> ../libcperciva/datastruct/ptrheap.c
> ../libcperciva/datastruct/ptrheap.c:7:1: error: unused function
> 'ptrlist_resize' [-Werror,-Wunused-function]
> ELASTICARRAY_DECL(PTRLIST, ptrlist, void *); ^
> ../libcperciva/datastruct/elasticarray.h:114:2: note: expanded from
> macro 'ELASTICARRAY_DECL' prefix##_resize(struct prefix##_struct *
> EA, size_t nrec) \ ^ <scratch space>:101:1: note: expanded
> from here ptrlist_resize
>
> (BTW, the long list of warning flags comes from bsd.sys.mk.)
>
> This seems like a legit warning -- not sure why it's not firing on
> FreeBSD. Here's OS X 10.9.4 + XCode 5.1.1's compiler:
>
> $ cc --version Apple LLVM version 5.1 (clang-503.0.40) (based on
> LLVM 3.4svn) Target: x86_64-apple-darwin13.3.0 Thread model: posix
>
> That's easily worked around by appending -Wno-unused-function to
> CFLAGS. A better solution might be to avoid defining that function
> unless needed, but that is a bit ugly since it would involve
> defining two ELASTICARRAY_DECL macros.
>
> The next problem I run into is this:
>
> cc -O2 -g -I ../proto -I ../libcperciva/alg -I
> ../libcperciva/datastruct -I ../lib/dnsthread -I
> ../libcperciva/util -I ../libcperciva/cpusupport -I
> ../libcperciva/events -I ../libcperciva/network -I
> ../libcperciva/crypto -I . -D
> CPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -Wsystem-headers
> -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter
> -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith
> -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow
> -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline
> -Wnested-externs -Wredundant-decls -Wno-unused-function -c
> ../libcperciva/util/asprintf.c In file included from
> ../libcperciva/util/asprintf.c:2: In file included from
> /usr/include/stdio.h:71: /usr/include/sys/_types/_va_list.h:31:26:
> error: redefinition of typedef 'va_list' is a C11 feature
> [-Werror,-Wtypedef-redefinition] typedef __darwin_va_list va_list;
> ^
> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/5.1/include/stdarg.h:30:27:
>
>
note:
> previous definition is here typedef __builtin_va_list va_list; ^ 1
> error generated.
>
> This seems like just a problem with OS X's system headers. This is
> also easily worked around by appending -Wno-system-headers to
> CFLAGS (which is better than -Wno-typedef-redefinition, I think).
>
> The third problem is that CFLAGS_POSIX isn't used in
> spipe{,d}/Makefile. This is expected since those Makefiles are
> assuming FreeBSD. I just simply appended ${CFLAGS_POSIX} to
> CFLAGS.
>
> The fourth problem is this:
>
> cc -O2 -g -DPOSIXFAIL_MSG_NOSIGNAL -DPOSIXFAIL_CLOCK_REALTIME -I
> ../proto -I ../libcperciva/alg -I ../libcperciva/datastruct -I
> ../lib/dnsthread -I ../libcperciva/util -I
> ../libcperciva/cpusupport -I ../libcperciva/events -I
> ../libcperciva/network -I ../libcperciva/crypto -I . -D
> CPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" -Wsystem-headers
> -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter
> -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith
> -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow
> -Wcast-align -Wunused-parameter -Wchar-subscripts -Winline
> -Wnested-externs -Wredundant-decls -Wno-unused-function
> -Wno-system-headers -c ../libcperciva/crypto/crypto_aes.c
> ../libcperciva/crypto/crypto_aes.c:114:2: error:
> 'AES_set_encrypt_key' is deprecated: first deprecated in OS X 10.7
> [-Werror,-Wdeprecated-declarations] AES_set_encrypt_key(key, len *
> 8, kexp); ^ /usr/include/openssl/aes.h:92:5: note:
> 'AES_set_encrypt_key' declared here int AES_set_encrypt_key(const
> unsigned char *userKey, const int bits, ^
>
> It looks like this is because libcrypto (i.e., OpenSSL) is
> entirely deprecated in OS X 10.7: see
> https://stackoverflow.com/questions/7475914/libcrypto-deprecated-on-mac-os-x-10-7-lion
>
>
.
>
> In fact, it looks like libcrypto/OpenSSL on OS X is stuck on an old
> version:
>
> $ openssl version OpenSSL 0.9.8y 5 Feb 2013
>
> (As an aside, I believe this version doesn't have Heartbleed.)
>
> I'm not sure this is an actual problem, but it might be better to
> have the Homebrew spiped use Homebrew's OpenSSL (1.0.1i) instead.
> Colin, do you think this is worth doing?
>
> For now, I worked around this by appending
> -Wno-deprecated-declarations to CFLAGS.
>
> The final problem is the well-known one with -lrt not working on OS
> X. I worked around this by commenting out the LDADD line with
> that.
>
> Hope this is of interest to people. My branch with these
> workarounds is at https://github.com/akalin/spiped/tree/osx .
>
> -- Fred
>
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJUAj25AAoJEIclJNuddDJsU+kP/1ZpXb8aNcBzgfjT5POM4h3c
CvsFyb91+lo2pbbJpFpTcBVCv6iODn0TCLgJcQXLap6EhdLRyXuERCsLyGSg3L36
0s7S3CXg7oBOvJM5fSSKrccM+NxufSenbN9o/o50l0ubWX/t0H2rleftpQIZwzTI
kOmx7IUySkABG6LnwLbz8vgA5rRM+cTQjJM9OoDQQ/sZ/NcmGgw7jm46KCinpe14
6/Nf+9F6gNSTgDu65WUFKaTq6H60r5fEhJVI+XmRONXWEjQVGjxnWq7dNQYH5ns8
y/KkromuDkWTzgo8jUef0vnxaZKIy2YQW7BdeVJuoMrhiAogBREz8aFshRwQVr9/
7eaxKfeabkcoQgmktpn3dXDsWxgvcC/I2Hp7htO4vVHd6eYKg645vGzhvQthP5Y+
CiYsgnnMKbU00r7r1EXQviTFO3pMoxXV2bCh735kOj7WpRgohsnMzGedUzxLR8W5
OyTO2Ff2DpOsCIJqcvE+4YpVlnxm30NFbcCKhMyTnC9yqFvptcp29Kv2hTzMT8HG
lraujP7fZVjw8O7SVQJa4yVsAn4IWQNq2I3sFgr/M2tE1n9YgT6NP4vg9YvpT1XG
+HiWhFqzT/sX80U2bzxMuFMWhwx+GRUH5+XQVPw5rrogXGbFuLRg2yAxqRlEd/bI
qXlYI1SNH1VpMknbDLMS
=URtq
-----END PGP SIGNATURE-----
Attachment:
0x9D74326C.asc
Description: application/pgp-keys
Attachment:
0x9D74326C.asc.sig
Description: Binary data